NETWAYS · Wintermute2k6 · Feb 13, 2026 · Feb 13, 2026 · Feb 13, 2026 · Feb 13, 2026
diff --git a/roles/beats/tasks/auditbeat.yml b/roles/beats/tasks/auditbeat.yml
@@ -10,6 +10,9 @@
       string ) if (elasticstack_version is defined and elasticstack_version | length > 0)) |
       replace(' ', '')
       }}
+  tags:
+    - auditbeat
+    - name
 
 - name: Install Auditbeat - rpm - full stack
   ansible.builtin.package:
@@ -21,6 +24,9 @@
   when:
     - ansible_os_family == "RedHat"
     - elasticstack_full_stack | bool
+  tags:
+    - auditbeat
+    - rpm
 
 - name: Install Auditbeat - rpm - standalone
   ansible.builtin.package:
@@ -30,6 +36,10 @@
   when:
     - ansible_os_family == "RedHat"
     - not elasticstack_full_stack | bool
+  tags:
+    - auditbeat
+    - standalone
+    - rpm
 
 - name: Install Auditbeat - deb
   ansible.builtin.package:
@@ -38,6 +48,9 @@
     - Restart Auditbeat
   when:
     - ansible_os_family == "Debian"
+  tags:
+    - auditbeat
+    - deb
 
 # KICS complains about "latest" package but this is a dedicated update task
 
@@ -55,11 +68,15 @@
     - elasticstack_version == "latest"
     - ansible_os_family == "RedHat"
     - elasticstack_full_stack | bool
+  tags:
+    - auditbeat
+    - fullstack
+    - rpm
 
 - name: Install Auditbeat latest version - rpm - standalone
   ansible.builtin.package:
    name: auditbeat
    state: latest
  notify:
    - Restart Auditbeat
  when:
@@ -67,17 +84,25 @@
     - elasticstack_version == "latest"
     - ansible_os_family == "RedHat"
     - not elasticstack_full_stack | bool
+  tags:
+    - auditbeat
+    - latest
+    - rpm
 
 - name: Install Auditbeat latest version - deb
   ansible.builtin.package:
    name: auditbeat
    state: latest
  notify:
    - Restart Auditbeat
  when:
     - elasticstack_version is defined
     - elasticstack_version == "latest"
     - ansible_os_family == "Debian"
+  tags:
+    - auditbeat
+    - latest
+    - deb
 
 - name: Configure Auditbeat
   ansible.builtin.template:
@@ -105,10 +130,16 @@
   when:
     - beats_auditbeat_setup | bool
     - beats_auditbeat_output == "elasticsearch"
+  tags:
+    - auditbeat
+    - setup
 
 - name: Start Auditbeat
   ansible.builtin.service:
     name: auditbeat
     state: started
     enabled: true
   when: beats_auditbeat_enable | bool
+  tags:
+    - auditbeat
+    - start
diff --git a/roles/elasticstack/defaults/main.yml b/roles/elasticstack/defaults/main.yml
@@ -25,6 +25,7 @@ elasticstack_security: true
 elasticstack_variant: elastic
 elasticstack_force_pip: false
 elasticstack_manage_pip: false
+elasticstack_encryption_key_size: 64
 
   # for debugging only
 elasticstack_no_log: true
diff --git a/roles/kibana/defaults/main.yml b/roles/kibana/defaults/main.yml
@@ -14,6 +14,7 @@ kibana_cert_validity_period: 1095
 kibana_cert_will_expire_soon: false
 kibana_sniff_on_start: false
 kibana_sniff_on_connection_fault: false
+kibana_custom_default_index: 979390d0-3def-11ea-ad1f-5b09c073c7d3
 
 kibana_freshstart:
   changed: false
diff --git a/roles/kibana/tasks/kibana-default-index.yml b/roles/kibana/tasks/kibana-default-index.yml
@@ -0,0 +1,16 @@
+---
+
+- name: Set Custom Default Index
+  ansible.builtin.uri:
+    url: 'http://{{ ansible_default_ipv4.address }}:5601/api/kibana/settings'
+    method: POST
+    body:
+      changes:
+        defaultIndex: '{{ kibana_custom_default_index }}'
+    body_format: json
+    headers:
+      kbn-version: 8.19.11
+      Content-Type: application/json
+  register: result
+- ansible.builtin.debug:
+    msg: "setting new custom Index to {{ kibana_custom_default_index }}"
diff --git a/roles/kibana/tasks/kibana-security.yml b/roles/kibana/tasks/kibana-security.yml
@@ -1,5 +1,15 @@
 ---
 
+- name: Ensure encryption key exists
+  ansible.builtin.stat:
+    path: "{{ elasticstack_ca_dir }}/encryption_key"
+  register: encryption_key_exists
+
+- name: Ensure saved encryption key exists
+  ansible.builtin.stat:
+    path: "{{ elasticstack_ca_dir }}/savedobjects_encryption_key"
+  register: savedobjects_encryption_key_exists
+
 - name: Ensure kibana certificate exists
   ansible.builtin.stat:
     path: "/etc/kibana/certs/{{ ansible_hostname }}-kibana.p12"
@@ -125,11 +135,14 @@
     - name: Generate encryption key # noqa: risky-shell-pipe
       ansible.builtin.shell: >
         if test -n "$(ps -p $$ | grep bash)"; then set -o pipefail; fi;
-        openssl rand -base64 36 >
+        openssl rand -base64 {{ elasticstack_encryption_key_size }} >
         {{ elasticstack_ca_dir }}/encryption_key
       changed_when: false
       args:
         creates: "{{ elasticstack_ca_dir }}/encryption_key"
+    - ansible.builtin.debug:
+        msg: "File exists..."
+        when: encryption_key_exists.stat.exits
 
     - name: Fetch encryption key
       ansible.builtin.command: cat {{ elasticstack_ca_dir }}/encryption_key
@@ -139,12 +152,14 @@
     - name: Generate saved objects encryption key # noqa: risky-shell-pipe
       ansible.builtin.shell: >
         if test -n "$(ps -p $$ | grep bash)"; then set -o pipefail; fi;
-        openssl rand
-        -base64 36 >
+        openssl rand -base64 {{ elasticstack_encryption_key_size }} >
         {{ elasticstack_ca_dir }}/savedobjects_encryption_key
       changed_when: false
       args:
         creates: "{{ elasticstack_ca_dir }}/savedobjects_encryption_key"
+    - ansible.builtin.debug:
+        msg: "File exists..."
+        when: savedobjects_encryption_key_exists.stat.exits
 
     - name: Fetch saved objects encryption key
       ansible.builtin.command: cat {{ elasticstack_ca_dir }}/savedobjects_encryption_key